Telegram Messenger being used to spread multipurpose malware
Kaspersky Lab researchers have uncovered cyber attacks carried out by a new piece of malware that exploits a zero-day vulnerability in the Telegram Desktop app.
The vulnerability, Kaspersky said, is being used to deliver multipurpose malware which, depending on the computer, can act either as a backdoor or as a tool to deliver mining software. According to the research, the vulnerability has been actively exploited since March 2017 for cryptocurrency mining, including Monero, Zcash, and others.
Social messaging services have long been an essential part of our connected life, designed to make it much easier to keep in touch with friends and family. At the same time, they can significantly complicate things if they suffer a cyberattack.
According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. It is generally used for encoding languages that are written from right to left, like Arabic or Hebrew. However, malware creators can also use it to mislead users into downloading malicious files disguised, for example, as images.
Attackers used a hidden Unicode character in the file name that reversed the order of the characters, thus renaming the file itself. As a result, …